FROM  THE  EDITORS  OF 


1 


COMPUTERWORLD 


VOLUME  3,  NUMBER  4 


APRIL  27,  1998 


isn't  for  everyone 

t  MedicaLogic,  Inc.,  three  times  was  the 
charm  when  it  came  to  deploying  a 
virtual  private  network  to  allow  its 
road  warriors  to  connect  with  the  company  network. 

The  first  time  there  were  software  bugs.  The  sec¬ 
ond  time,  remote  access  was  a  problem. 

Now,  more  than  a  year  later,  the  Hillsboro,  Ore.- 
based  medical  records  software  firm  is  slowly  mov¬ 
ing  to  another  Internet  service  provider  (ISP),  one 
that  allows  workers  anywhere  in  the  country  to  dial 
a  local  number  and  tap  into  MedicaLogic’s  systems 
within  seconds. 


i,  t  UK 


INSIDE  ■  THE  NEXT  GALAXY,  PAGE  3  ■  WHAT'S  A  VPN?  PAGE  6 


MedicaLogic's 


DENNIS  WILSON: 


We  remain  con¬ 


vinced  that  it's 
going  to  pay  off 


PRODUCT  SAMPLER,  PAGE  10 


VIRTUAL  PRIVATE  NETWORKS 


a 


Continued  from  page  1 

In  other  words,  it  has  finally  tapped 
the  potential  of  virtual  private  net¬ 
works  (VPN)  —  that  IP-based  con¬ 
nectivity  technology  that  allows  data 
to  be  transported  either  over  the  back¬ 
bone  of  a  single  ISP  or  across  the 
broader  Internet. 

“We’ve  gone  through  the  early  adopter 
pains,”  says  Dennis  Wilson,  Medica- 
Logic’s  information  systems  manager. 
“But  we  remain  convinced  that  it’s  going 
to  pay  off  and  that  the  cost  savings  to 
this  kind  of  approach  are  real.” 

Wilson  is  not  alone.  Spending  on 
VPN  products,  systems 
integration  and  ISP 
services  is  projected  to 


grow  from  an  estimated  $205  million 
in  1997  to  $1 1  billion  in  2001,  accord¬ 
ing  to  a  1997  report  by  San  Jose,  Calif.- 
based  Infonetics  Research,  Inc. 

That’s  because  its  promise  is  great: 
By  taking  advantage  of  the  Internet, 
VPNs  can  significantly  reduce  the  cost 
of  transmitting  data  within  and 
among  businesses.  Firms  can  connect 
via  local  points  of  presence  and  reduce 
their  phone  charges.  And  those  VPNs 
operated  and  managed  by  ISPs  can 
potentially  simplify  the  management 
of  security  and  other  nettlesome  infor¬ 
mation  technology  issues  by  pushing 


Howto 

Evaluate 

VPNs 


■  ASK  TOUGH  QUESTIONS  about  ser¬ 
vice-level  guarantees.  Some  ISPs  now 
guarantee  availability  to  their  net¬ 
works,  though  guarantees  for  latency 
and  packet  loss  are  not  yet  available. 

If  ISPs  don't  meet  those  guarantees  for 
several  months  in  a  row,  some  will 
refund  a  portion  of  monthly  fees. 

■  TEST  THE  VPN  as  much  as  possible 
with  typical  tasks  and  applications  for 
which  it  will  be  used.  Client/server 
database  applications,  for  example, 
might  have  to  be  reconfigured  to  take 
into  account  variations  in  the  speed  of 
data  transmission  over  the  VPN. 

■  CONSIDER  A  HYBRID  SOLUTION. 
Because  VPNs  are  more  cost-effec¬ 
tive  for  some  applications  than  for 


others,  companies  with  a  frame- 
relay  network  should  consider 
using  a  VPN  for  some  applications 
and  retaining  the  frame  for  others. 
Choices  can  be  made  by  weighing 
concerns  about  security,  reliability 
and  relative  cost. 

■  DON'T  TAKE  AN  ISP'S  WORD  on 

its  performance.  Test  it  yourself 
over  a  period  of  several  weeks  by 
Pinging  (this  is  a  standard  Internet 
protocol)  the  host  from  a  variety  of 
locations  to  determine  the  path  of 
the  traffic,  transmission  speed  of 
the  data,  packet  loss  and  other  crit¬ 
ical  information. 

■  THINK  ABOUT  THE  SKILLS  and 

demands  of  your  company.  Does 
your  company  want  to  be  responsi¬ 
ble  for  managing  the  VPN  and  moni¬ 
toring  security  —  and  for  hiring  and 
retaining  those  workers?  Or  would 
it  be  more  comfortable  off-loading 
those  tasks  to  a  third  party? 


network  oversight  out  to  a  third  party. 

“There’s  no  doubt  that  Internet- 
based  VPNs  offer  significant  advan¬ 
tages  in  what  I  call  cost-effective, 
flexible  connectivity,”  says  Dan  Mer- 
riman,  an  analyst  at  Cambridge, 
Mass. -based  Giga  Information  Group. 
“It’s  an  easy  way  to  establish  connec¬ 
tivity  without  having  the  central  man¬ 
agement  requirement  that  is  there 
with  frame  relay  or  with  a  dial  man¬ 
agement  structure.” 

Yet  while  the  buzz  about  VPNs  is 
intense,  so  is  the  confusion.  Vendors 
report  that  customers  are  insisting 
they  need  a  VPN  deployed,  even 
though  they  don’t  have  a  clue 
what  one  is  or  how  it  might 
help  them. 

Customers  are  baffled  by  not 
only  the  variety  of  applications  for 
VPNs  —  intranet,  extranet  and 
remote  —  but  also  the  plethora  of 
methods  of  deploying  them.  VPNs 
can  be  established  with  a  combi¬ 
nation  of  firewall,  security  measures 
and  management  software  or  outsourced 
to  ISPs  (see  story,  page  6). 

And  barely  more  than  a  year  old, 
VPNs  are  also  subject  to  the  grow¬ 
ing  pains  of  any  new  technology. 
Issues  of  interoperability,  security  and 
performance  are  still  being  worked 
out.  As  a  result,  companies  that  have 
deployed  them  report  a  wide  variety 
of  experience.  Flere’s  what  some  of 
them  have  found. 

MEDICALOGIC'S  STORY 

When  MedicaLogic  first  looked  at 
giving  its  75  salespeople  access  to  the 
company  network,  it  quickly  ruled 
out  dial-up  access  as  too  expensive. 

“If  we  went  with  the  classic  room¬ 
ful  of  modems,  the  long-distance 
charges  of  connect  time  racks  up  a  lot 
of  money,”  says  Dennis  Wilson,  Med- 
icaLogic’s  IS  manager.  “That’s  tens  of 
thousands  of  dollars  a  year.  And  with 
modem  standards  moving  so  quick¬ 
ly,  there  is  an  ongoing  capital  invest- 
Continued  on  page  6 


2  CGMPUTERWORLD  INTRANETS  APRIL  27,  1998  www.computerworld.com/intranets  cover  photograph  by  reid  horn/  photo  illustration  by  logan  seale 


Galaxy  Scientific  Jettisons  Into  New  World 


agerto  build  a  national 
network  but  frustrated  by 
the  lack  of  options.  Galaxy 
Scientific  Corp.  came  with¬ 
in  a  week  of  spending  about  $160,000  to 
erect  firewalls  at  six  major  sites  as  part 
of  an  Internet-based  VPN. 

But  a  week  before  it  was  to  sign  off  on 
the  plan,  it  found  a  fledgling  service 
from  an  ISP  that  would  allow  the  same 
connectivity  at  a  fraction  of  the  price. 

The  man  who  would  have  had  to  live 
with  firewalls  —  and  the  bill  —  was 
Glenn  Botkin.  As  manager  of  informa¬ 
tion  services,  he  was  tapped  in  late  1996 
by  Chief  Executive  Officer  James  Yoh  to 
find  a  way  to  link  Galaxy's  21  offices  in 
a  network  that  would  cut  transmission 
costs,  improve  productivity  and  facili¬ 
tate  collaboration  among  divisions. 

For  eight  years,  the  $40  million  techni¬ 
cal  services  and  systems  integration 
firm,  based  in  Egg  Harbor,  N.J.,  had  been 
growing  at  a  rapid  clip.  From  its  initial 
ground  in  the  aviation  industry,  the 
firm  had  branched  out  to  design  and 
install  computer  systems  for  various 
industries.  Its  network  didn't  keep 
pace:  Communication  among  different 
offices  and  with  headquarters  was 
done  strictly  by  dial-up.  Phone 
charges  were  running  close  to  $4,000 


per  month.  Without  a  network  to  speak 
of,  collaboration  was  tough. 

Botkin  approached  the  job  method¬ 
ically.  He  drew  up  a  list  of  requirements. 
First  was  corporatewide  access  to  com¬ 
pany  information.  Then  came  access  to 
business-critical  systems  such  as 
accounting.  Botkin  also  wanted  the  net¬ 
work  to  provide  access  to  E-mail  over 
the  Internet,  rather  than  via  a  dial-up 
connection.  Finally,  the  solution  needed 
to  embrace  50  or  so  remote  workers. 

Botkin  was  ready  to  go  with  a  system 
from  Check  Point  that  would  require 
erecting  firewalls  and  using  TCP/IP  for 
connectivity.  At  the  time,  he  says,  tun¬ 
neling  protocols  such  as  PPTP  and  L2F 
were  not  yet  available.  The  problem 
was  the  cost:  $160,000  seemed  prohibi¬ 
tive  for  a  company  Galaxy's  size. 

Then  he  heard  about  PSINet's  Intranet 
Service,  which  would  link  Galaxy's 
sites  via  PSINet’s  own  backbone.  While 

'WE  THINK  we  more 

than  justified  the 
cost  [of  our  VPN] 

GLENN  BOTKIN 
GALAXY  SCIENTIFIC 


the  network  forms  a  part  of  the  Internet, 
because  PSINet's  data  packets  never 
leave  the  ISP's  portion,  the  vendor  offers 
specific  service-level  guarantees, 
though  it  does  not  guarantee  quality  of 
service  for  things  such  as  latency. 
Galaxy  now  connects  to  PSINet  via  per¬ 
manent  virtual  circuits  (PVC). 

Because  the  data  never  leaves  PSI¬ 
Net's  backbone,  data  is  not  encrypted. 
But  security  is  tight,  according  to 
PSINet  spokesman  Mike  Binko.  He  says 
because  data  is  switched  rather  than 
routed  over  its  switch  frame  network, 
it's  virtually  impossible  to  hack  into  data 
traveling  across  the  network. 

Meanwhile,  many  of  the  management 
tasks  are  handled  by  PSINet.  "They 
basically  manage  our  security  policy  for 
us,"  Botkin  says.  "We  say  what  kind  of 
traffic  we  want  coming  in  and  out  of 
each  location  and  then  we  can  monitor 
it  to  make  sure  that  our  instructions  are 
implemented  the  way  we  intended." 

The  cost  of  six  PVCs  and  a  pair  of 
ISDN  lines  for  two  smaller  offices  is 
about  equal  to  the  dial-up  charges 
Galaxy  was  paying  previously  —  $3,000 
to  $4,000  monthly  —  Botkin  says.  But  the 
VPN  is  actually  saving  money,  he  adds, 
by  enabling  greater  collaboration. 

"We  think  we  more  than  justified  the 
cost  by  not  having  to  make  the  up-front 
investment  in  firewalls  and  not  having 
to  do  the  continuous  updating  and  man¬ 
agement  that  we  would  have  had  to  do 
with  frame  relay,"  he  says. 

As  an  example  of  the  collaborative 
benefits  the  VPN  enabled,  he  recalls 
that  the  firm  recently  put  together  a  bid 
for  a  $250,000  contract  in  days  by  collab¬ 
orating  over  the  network.  Before,  he 
says,  the  collaboration  would  have 
required  people  to  meet  at  a  central 
location;  meanwhile,  data  exchange 
would  have  been  much  slower. 

"In  our  former  life,  before  the 
network,  we  wouldn't  have  even 
tried  it,"  he  says. 

—  TQM  DUFFY 


PHOTOGRAPH  BY  LYNNE  SILER 


www.computerworld.com/intranets  April  27,  1998  computerworld  intranets  3 


SwabeS  Wnr 
l  jiao's  «***'  \ 


*  40.  ' 


NET  PROFILES 


MATTHEW  MAGUIRE 


0  3  8 


NETWARE 

NOVELL  DIRECTORY  SERVICES 
M  A  N  A  G  E  W  I  S  E 
G  R  0  U  P  W  I  S  E 


DIRECTOR, 

INFORMATION  TECHNOLOGY 


DOMINO'S  PIZZA® 


Matt  Maguire  knows  all  about  delivery.  His  company  delivered  over  226  million  pizzas  last  year.  And 
with  4,500  stores  across  the  country,  Matt's  network  had  to  deliver  the  same  superior  performance  and 
reliability  that  made  Domino's®  the  world's  leader  in  pizza  delivery. 

To  do  that,  Matt  chose  Novell®  networking  solutions.  NetWare®  software  as  the  core  server  operating 
system.  NDS’“  technology  to  manage  his  other  operating  systems,  including  SCO®1  UNIX®  and  Windows 
NT®.  ManageWise®  to  support  all  1,200  remote  devices  in  his  network  from  a  single  location.  And 
GroupWise®  messaging  services  to  leverage  the  ubiquity  of  the  Internet  to  give  employees  worldwide 
access  to  their  email. 

All  in  a  seamlessly  integrated  system  that  could  adapt  to  the  changing  needs  of  the  business  and  scale 
up  as  it  grew. 

The  result?  On-site  technician  calls  were  reduced  to  twice  a  year,  administration  tasks  were  performed  in 
minutes  instead  of  hours,  money  was  saved,  productivity  was  increased,  employees  stayed  in  touch,  and 
Matt  looked  like  a  genius. 

Now  that's  delivering,  www.novell.com 


Novell 


1  7**  *r*  ** 


ino'sPiZz 


mi  no's  Pi 

»'*  Pizza- 

h°.'s  Pi*za. 

mino's 


mino's 


k 


tino'a 


Continued  from  page  2 
ment  cost  that  I  wasn’t  looking  for¬ 
ward  to.” 

Now  MedicaLogic  is  among  the 
firms  riding  the  first  wave  of  VPN 
implementations.  Early  last  year,  Med¬ 
icaLogic  signed  on  with  firewall  ven¬ 
dor  Check  Point  Software  Technolo¬ 
gies  Ltd.  in  Redwood  City,  Calif., 
which  provided  a  combination  of  fire¬ 
wall,  software  and  other  security  mea¬ 
sures  to  allow  the  company  to  deploy 
a  VPN.  However,  Wilson  says  that 
persistent  software  bugs  prevented 
him  and  his  staff  from  even  deploy¬ 
ing  the  VPN  for  several  months. 
(According  to  a  spokesperson  for 
Check  Point,  one  of  its  licensed 
resellers  attempted  to  help  Wilson 
with  the  problems,  but  MedicaLogic 
eventually  stopped  returning  the  com¬ 
pany’s  phone  calls.) 

Because  the  firm  has  a  Tl  Inter¬ 
net  connection  provided  by  UUNet 
Technologies,  Inc.,  Wilson  then  chose 
to  sign  up  with  UUNet’s  VPN  ser¬ 
vice,  figuring  that  staying  entirely 
within  the  ISP’s  backbone  would  have 
a  positive  impact  on  service.  Unfor¬ 
tunately,  he  says,  about  20%  of  his 


remote  users  began  complaining  about 
difficulty  accessing  the  network,  par¬ 
ticularly  in  the  heavy-use  evening 
hours. 

MedicaLogic  began  giving  some  of 
its  remote  users  Netcom  accounts, 
allowing  salespeople  the  option  of 
connecting  to  a  second  ISP.  More 
recently,  MedicaLogic  has  been  slow¬ 
ly  moving  all  of  its  accounts  to  IBM 
Internet  Connection  Services.  Wil¬ 
son  says  IBM’s  VPN  service  simpli¬ 
fies  some  management  tasks.  Med¬ 
icaLogic  can  directly  make  password 
changes  on  individual  accounts,  for 
example,  rather  than  submitting  the 
requested  changes  to  the  service 
provider. 

Deploying  a  VPN  turned  out  to  be 
the  most  cost-effective  alternative  for 
MedicaLogic.  The  cost  savings  over 
running  a  modem  bank  is  “in  the  tens 
of  thousands  of  dollars,”  Wilson  says. 
But  analysts  caution  that  is  not  always 
the  case. 

“Are  VPNs  cheaper  than  private 
lines?”  asks  Eric  Paulak,  Internet  ana¬ 
lyst  at  Gartner  Group,  Inc.  in  Stam¬ 
ford,  Conn.  “Absolutely.  Than  frame 
relay?  Maybe  not.  In  some  cases,  frame 


relay  in  North  America  can  be  much 
cheaper.” 

LOOKING  TO  SAVE 

Frame  relay  is  what  The  MacManus 
Group  spent  millions  of  dollars  on 
annually  until  last  year  to  connect  its 
35  offices  in  North  America  as  well 
as  offices  in  Hong  Kong  and  London. 
The  network  is  used  for  everything 
from  electronic  mail  to  digitized, 
broadcast-quality  commercials,  as  well 
as  to  give  customers  such  as  consumer 
products  giant  Procter  &  Gamble  Co. 
access  to  a  library  of  advertisements. 

Looking  for  a  less  expensive  way  to 
connect  the  overseas  offices  and  eager 
to  bring  65  other  foreign  offices 
online,  the  San  Francisco-based  ad 
agency  decided  to  deploy  a  VPN. 

“I  anticipated  unreliable  Internet 
service,”  says  Craig  Metzler,  region¬ 
al  director  for  information  technol¬ 
ogy  at  The  MacManus  Group  who 
oversaw  the  VPN  implementation. 
“But  I  find  the  Internet  is  just  as  reli¬ 
able  as  the  frame  is.” 

Metzler  says  the  company  was  more 
comfortable  running  its  own  firewalls 
and  encrypting  the  data  itself  than 


So  What  Is  a  VPN,  Anyway? 


Perhaps  you've  heard  a 

quick  pitch  from  a  couple 
of  vendors  or  talked  about 
them  during  a  long-term  strategy  ses¬ 
sion.  You  know  that  virtual  private 
networks  (VPN)  might  save  you 
money  by  helping  your  firm  make  bet¬ 
ter  use  of  the  Internet. 

But  the  truth  is,  if  anyone  cornered 
you  at  the  water  cooler  and  asked, 
"What  is  a  VPN?"  you'd  have  a  hard 
time  giving  him  an  intelligible 
answer. 

You'd  have  plenty  of  company. 

"You  can  ask  10  different  network¬ 


ing  people  and  get  10  different 
answers  about  what  a  VPN  is,"  says 
Tom  Bregman,  associate  product 
manager  at  Purchase,  N.Y.-based 
ANS  Communications,  Inc.,  a  VPN 
provider.  "We  all  have  our  own  dis¬ 
positions  as  to  what  we  believe 
defines  a  VPN." 

So  what  are  VPNs? 

They  are  essentially  an  IP-based 
connectivity  technology.  Think  of 
them  as  an  updated  version  of  value- 
added  networks  deployed  over  the 
Internet.  What  leads  to  confusion  is 
the  wide  variety  of  ways  in  which 


they  can  be  implemented. 

VPNs  can  be  software-  or  hard- 
ware-based  or  some  combination  of 
both.  They  can  be  managed  internally 
and  deployed  via  the  Internet  or  be 
provided  and  managed  by  ISPs.  They 
can  be  used  to  connect  branch 
offices  within  a  company,  to  link  up 
with  business  partners  or  to  give 
remote  users  access  to  the  company 
network. 

At  their  simplest  level,  VPNs  allow 
data  to  be  transported  over  the  Internet 
via  a  tunneling  protocol  such  as 
Microsoft  Corp.'s  PPTP  or  Cisco 


s  COMPUTERWORLD  INTRANETS  April  27,  1998  www. computerworld. com/intranets 


•  mmm 


•  : 


if- 


"I  ANTICIPATED  unreli¬ 
able  Internet  service. 
But  I  find  the  Internet 
is  just  as  reli¬ 
able  as  the 
frame  is." 

CRAIG  METZLER 
THE  MACMANUS 
GROUP 

outsourcing  the  work 
to  an  ISP.  Check  Point 
provided  the  firewalls, 
management  software 
and  other  security  mea¬ 
sures. 

“Unless  that  ISP  has  armed  guards 
standing  along  the  entire  length  of  its 
cables,  there  is  nothing  to  stop  any¬ 
one  from  tapping  into  those  lines,” 
he  says.  “This  way  it’s  encrypted  with 
our  keys  so  nobody  can  track  it.  We 
literally  control  the  traffic  from  the 
minute  it  leaves  our  walls.” 

The  cost  savings  have  been  the  most 


Systems,  Inc.'s  L2F.  Indeed,  all  a  user 
would  need  to  set  up  a  rudimentary, 
nonsecure  VPN  would  be  Windows 
95,  which  supports  PPTP;  an  Internet 
connection;  and  a  recipient  whose 
system  also  supports  PPTP. 

Firewall  vendors  such  as  Raptor 
Systems,  Inc.  in  Waltham,  Mass., 
and  Check  Point  Software 
Technologies  offer  VPNs  that  are 
essentially  firewalls  in  combination 
with  a  variety  of  security  measures 
and  management  tools. 

A  number  of  ISPs  offer  VPNs  under 
a  variety  of  trade  names.  (Some 
don't  call  their  offerings  VPNs,  even 
though  that's  what  their  customers 
call  them.  For  example,  PSINet 
calls  its  service  PSI  IntraNet.) 


substantial  in  connecting  the  London 
and  Hong  Kong  offices.  Metzler  says 
that  in  the  case  of  Hong  Kong,  the 
firm  is  saving  about  $30,000  annu¬ 
ally.  For  North  American 
offices,  however, 
Metzler  says  the  cost 
of  erecting  a  firewall 
and  deploying  the 
hardware  and  soft¬ 
ware  to  go  with  it, 
when  amortized  over 
three  years,  is  about  the 
same  as  the  cost  of  a 
frame  connection,  so 
connecting  them 
JjjKffW  isn’t  as  high  a 
«  USA  priority.  About 
one-third  of  the 
offices  are  connected 
so  far. 

“Long  term,  we  probably  will  con¬ 
nect  more  and  more  offices  in  North 
America  up  to  the  VPN,”  he  says. 

PLENTY  OF  HOLDOUTS 

Despite  accolades  from  the  likes  of 
Metzler,  many  firms  are  waiting  on  the 
VPN  sidelines  for  some  of  the  hype 
to  subside.  Among  those  is  Sega  of 


These  VPNs  typically  transport  data 
entirely  within  the  ISP's  backbone 
rather  than  across  the  wider 
Internet  —  an  approach  they  boast 
enhances  performance. 

Given  the  complexities  of  the  VPN 
marketplace,  users  caution  future 
VPN  buyers  to  be  savvy  consumers 
and  not  sit  back  and  accept  what¬ 
ever  the  vendor  tells  them. 

"Understand  what  you  are  buying 
in  relation  to  what  you  actually 
need,"  says  Craig  Metzler,  regional 
director  for  information  technology 
at  The  MacManus  Group,  a  San 
Francisco-based  advertising  firm. 
"Ask  the  tough  questions.  Don't  just 
assume  the  answer  is  the  answer." 

—TOM  DUFFY 


PRIVATE  NETWORKS 

America,  based  in  Redwood  City,  Calif. 

“We’ve  been  thinking  about  VPNs 
because  everyone  else  is  saying  that 
it’s  the  way  to  go,”  says  James  Fowler, 
Sega’s  network  administrator.  “For 
now,  though,  we’re  sitting  back  on  the 
sidelines  and  seeing  what  everyone 
else  is  doing  with  it.” 

Sega  currently  has  a  private  network 
connection  to  its  parent  company  in 
Japan  and  a  sister  firm  in  Europe. 
Road  warriors  link  up  with  Redwood 
City  via  a  dial-up  connection  over 
frame  relay  or  leased  lines.  Fowler  says 
his  firm  was  attracted  by  the  poten¬ 
tial  cost  savings  that  VPN  providers 
touted,  though  he  questioned  the  ade¬ 
quacy  of  security.  While  security  con¬ 
cerns  could  probably  be  solved 
through  encryption,  that  in  turn 
might  affect  network  performance. 

“You’re  talking  extra  CPU  cycles 
from  the  client  machine  to  encode  the 
information,”  he  says.  “Then  you  have 
the  additional  overhead  on  the  other 
end  to  decode  it.  On  a  28. 8K  bit/sec. 
modem,  how  much  of  an  impact  is 
that  going  to  have?” 

Potential  users  are  right  to  question 
the  kind  of  security  that  VPNs  pro¬ 
vide,  according  to  Scott  Bradner,  a 
senior  technical  consultant  at  Har¬ 
vard  University  in  Cambridge,  Mass., 
and  a  member  of  the  Internet  Engi¬ 
neering  Task  Force. 

“People  are  buying  encrypted  VPNs 
because  they  give  them  this  secure- 
from-the-world  environment,”  Brad¬ 
ner  says.  “But  if  one  looks  at  the  Inter¬ 
net  world,  the  majority  of  security 
issues  are  with  local  people  that  would 
be  inside  the  firewall  and  inside 
encrypted  tunnels.  The  environment 
they  really  need  to  be  secure  from  is 
their  own.” 

Security  was  at  the  forefront  of 
Bruce  Bartolf’s  concerns  when  he 
began  exploring  the  possibility  of 
deploying  a  VPN  as  vice  president 
of  IS  at  M.  Arthur  Gensler  Jr.  and 
Associates,  Inc.  But  so  was  bringing 
Continued  on  page  10 


ILLUSTRATIONS  BY  STEVE  SCHILDBACH 


www.computerworld.com/intranets  April  27,  1998  computerworld  intranets  v 


©  Copyright  1998  Novell,  Inc.  All  rights  reserved.  Novell  and  GroupWise  are  registered  trademarks  and  No  Limits  is  a  trademark  of  Novell,  Inc.  in  the  United  States  and  other  countries. 
Java  is  a  registered  trademark  of  Sun  Microsystems,  Inc.  in  the  United  States  and  other  countries.  *  1997  CNI  research  evaluation  of  Novell  GroupWise,  Lotus  Notes  and  Microsoft  Exchange. 


(ALL  TERRAIN  E-MAIL) 


Imagine,  e-mail  that  actually  does  more  than  e-mail.  Like  allow  workgroups  to  really  work  as  groups. 

Or  turn  collaboration  from  an  airy  concept  into  a  practical  reality. 

Or  boost  real-time,  bottom-line  productivity — making  users  up  to  six  times  more  productive  than  users  of  competitive  products? 

All  without  headaches,  without  hassles, 

without  having  to  reinvent  the  wheel  or  re-educate  your  users.  And  all  while  leveraging  your  current  networking  investment 

to  extend  functionality,  minimize  cost  and  maximize  return. 

m. 

Novell®  GroupWise  5.2  makes  it  possible. 


GroupWise®  5.2  messaging  is  as  easy  to  use  as  ordinary  e-mail, 
but  it  goes  places  and  does  things  no  ordinary  e-mail  can  even  approach. 

By  leveraging  the  vast  infrastructure  of  the  Internet,  GroupWise  puts  powerful  tools  within  reach  of  any  user,  any  browser, 

any  server  (yes,  even  NT).  It's  also  Java®enabled. 

And  it  has  a  rich  array  of  expanded  capabilities — calendaring  and  scheduling,  document  management,  workflow,  imaging, 
threaded  discussions  and  status  tracking — that  simply  help  people  do  their  jobs  better. 

With  the  freedom,  flexibility  and  friendliness  of  an  out-of-the-box  solution — that  can  still  be  easily  optimized  to  your  needs. 
That's  why  nearly  three  out  of  four  people  who  try  GroupWise,  buy  it.  So  try  it — FREE. 

Get  a  free  three-user  CD-version  of  the  full  product  by  calling  1  800  778-1850  or  download  it  from  our  Web  site. 

Then  experience  the  sheer  pleasure  of  go-anywhere,  do-everything  e-mail. 
www.novell.com/groupwise/allterrain 


Novell 


GROUPWISE 


VIRTUAL  PRIVATE  NETWORKS 


Continued  from  page  7 
together  the  firm’s  1,300  architects, 
who  at  any  given  time  might  be  work¬ 
ing  on  projects  in  New  York,  Chica¬ 
go,  London,  Hong  Kong  or  Jakarta, 
Indonesia. 

Bartolf  chose  a  VPN  product  from 
Pilot  Network  Services,  Inc.  in  Alame¬ 
da,  Calif.  With  Pilot’s  product, 
Gensler  can  use  any  ISP  it  wants.  But 
all  transmissions  pass  through  a  Pilot- 
operated  firewall  before  being  sent  on 
to  their  final  destination. 

MIXED  REVIEW 

Through  no  fault  of  Pilot’s,  Gensler’s 
experience  with  VPNs  has  been 
mixed,  according  to  Bartolf. 

On  the  positive  side,  the  VPN 
allows  architects,  who  might  oper¬ 
ate  out  of  construction  site  trailers  for 
months,  to  connect  to  the  wide-area 
network  without  Gensler’s  having  to 


establish  a  frame-relay  connection,  as 
it  did  in  the  past. 

And  transmission  of  its  documents, 
typically  computer-aided  design  files 
between  7M  and  10M  bytes,  is  not 
appreciably  slower  than  it  was  via 
frame  relay.  “We’re  not  the  average 
user,”  Bartolf  says.  “Sometimes  we’re 
sending  4-ft  by  18-ft,  24-bit  color 
posters.” 

Gensler  has  discovered,  however, 
that  the  Internet  is  not  always  reliable 
when  remote  users  are  connecting  to 
time-sensitive  applications  on  the 
company  network.  The  firm  attempt¬ 
ed  to  roll  out  an  Oracle  Corp. -based 
billing  application  but  found  that  the 
servers  often  timed  out  while  the 
information  the  user  had  requested 
was  being  passed  back  to  him. 

To  solve  the  problem,  Gensler  has 
decided  to  redesign  the  database  by 
off-loading  processing  chores  from 


the  client  to  the  server  and  by  build¬ 
ing  an  HTML  front  end. 

Bartolf  admits  he’s  not  sure  the  solu¬ 
tion  will  work,  but  he  figures  that’s  the 
nature  of  VPNs.  It’s  a  new  technology, 
and  while  it  might  have  great  benefits 
to  offer,  it  remains  somewhat  unpre¬ 
dictable.  Analysts  say  that  as  the  VPN 
market  matures,  things  will  only 
improve.  Some  ISPs  are  beginning  to 
offer  improved  quality  of  service  guar¬ 
antees,  such  as  allowing  customers  to 
pay  for  a  higher-priority  level  that  would 
allow  their  data  to  move  more  quickly 
during  periods  of  congestion.  But  guar¬ 
antees  for  throughput,  latency  and  pack¬ 
et  loss  are  still  several  years  away. 

“It  is  pretty  exciting,”  Gartner 
Group’s  Paulak  says.  “But  it’s  still  a 
best-effort  technology.” 

Duffy  is  a  freelance  writer  in 
Somerville,  Mass. 


Product 

Sampler 

Internet  Service 
Providers 

ANS  Communications,  Inc. 

100  Manhattanville  Road 
Purchase,  N.Y. 

(914) 701-5440 
www.ans.net 


VPN  vendors  can  be  broken  down  into  two  general  categories:  ISPs,  which 
manage  VPNs  for  their  customers  on  an  outsourcing  basis,  and  hardware 
and  software  companies,  which  provide  a  combination  of  firewalls,  manage¬ 
ment,  connectivity  and  security  measures.  They  include  the  following: 


(800)  472-4565 
www.bbn.com 

IBM  Software  Group 

Route  100 
Somers,  N.Y. 

(914) 766-1423 
www.software.ibm.com 


(703)  904-4100 
www.psi.net 

UUNet  Technologies,  Inc. 

3060  Williams  Drive 
Fairfax,  Va. 

(800)  488-6383 
www.uu.net 


CompuServe  Network  Services 

5000  Britton  Road 
Hilliard,  Ohio 
(800)  433-0389 
www.compuserve.net 

GTE  Internetworking 

150  Camhridgepark  Drive 
Cambridge,  Mass. 


Pilot  Network  Services,  Inc. 

1080  Marina  Village  Parkway 
Alameda,  Calif. 

(510)  433-7800 
www.pilot.net 

PSINet,  Inc. 

510  Huntmar  Park  Drive 
Herndon,  Va. 


Software  VPN  Provider 

Check  Point  Software 
Technologies  Ltd. 

400  Seaport  Court 
Redwood  City,  Calif. 

(650)  482-4900 
www.checkpoint.com 


10  COtViPUTERWORLD  INTRANETS  APRIL  27,  1998  www. computerworld .com/intranets 


PROJECT:  FILENET  CORP. 


VPN  Speeds  Traffic  Among  Scattered  Sites 


By  Steve  Alexander 

ileNet  Corp.,  a  Costa 
Mesa,  Calif.,  vendor  of 
workflow,  document 
imaging  and  other  soft¬ 
ware,  hopes  to  replace  pri¬ 
vate  leased  lines  and 
frame-relay  connections 
with  a  faster  virtual  pri¬ 
vate  network  (VPN). 

Following  testing,  the  firm  expects 
to  set  up  a  VPN  link  to  the  compa¬ 
ny’s  Chicago  office.  Initial  rollout  to 
other  offices  —  up  to  six  in  the  U.S. 
and  nine  abroad  —  will  probably  begin 
with  sites  where  FileNet  currently  lacks 
wide-area  network  connectivity,  such 
as  Singapore  and  Tokyo.  By  the  second 
half  of  1998,  FileNet  expects  to  replace 
dial-in  remote  access  for  laptop  users 
with  VPN  access. 

Mike  McCoy,  FileNet’s  director  of 
MIS,  explains  the  VPN  rollout,  which 
he  expects  will  be  transparent  to  the  more 
than  1,500  FileNet  employees. 

WHAT  THE  VPN  REPLACES 

The  VPN  will  replace  some 
of  FileNet’s  WAN  connec¬ 
tions,  made  primarily  over 
leased  lines  and  some  frame 
relay.  FileNet  will  probably 
link  its  major  internation¬ 
al  sites  to  headquarters  via 
the  VPN,  but  smaller 
offices  in  other 


FileNet’s  MIKE 
MCCOY:  Look  at  your 
potential  partner  and 
make  sure  it  knows 
what  it's  doing 


countries  will  likely  continue  to  use 
private  lines  because  the  difference  in 
cost  isn’t  large  enough  to  make  the 
move  worthwhile. 

WHAT  IT  WILL  CARRY 

The  VPN  will  carry  electronic  mail 
(Microsoft  Corp.’s  Exchange),  SAP  AG 
business  software,  FileNet  integrated 
document  management  software  and 
phone  calls.  Current  plans  call  for 
implementing  data  applications  first 
and  voice  in  the  third  quarter. 

SAVINGS 

Total  savings  of  20%  to  25%  are  expect¬ 
ed  annually,  though  actual  savings  may 
vary  by  site. 

OTHER  BENEFITS 

Added  benefits  include  bringing  up  addi¬ 
tional  network  links  more  easily  via  local 
Internet  service  providers  (ISP)  and  set¬ 
ting  up  extranets.  VPN  connections 
require  only  that  the  customer  have  an 
Internet  connection  and  a  special  encryp¬ 
tion  device.  Connection  to  the  extranet 
could  be  enabled  at  FileNet’s  manage¬ 
ment  console. 

WHY  THEY'RE  DOING  IT 

FileNet’s  business  is  growing,  and 
the  firm  has  heavy  voice  and  data 
traffic  to  its  direct  sales  and 
support  organizations 
in  60  countries.  The 
VPN  would  increase 
line  capacity  from 
64 K  to  256K 
bits,  reliev¬ 
ing  band¬ 
width 
restrictions 
and  enabling 


more  document-sharing  applications  in 
the  future. 

HOW  THEY'RE  DOING  IT 

Fiberlink  Communications  Corp.  in 
Blue  Bell,  Pa.,  a  systems  integrator,  is 
providing  the  VPN.  Fiber- 
link  has  contracted  for  ISP 
services  from  UUNet  and 
has  bought  VPN  software 
and  hardware  from  VPNet 
Technologies,  Inc.  The 
VPNet  products  include 
a  security  device  that  connects  FileNet’s 
enterprise  LAN  to  the  WAN  (providing 
security  and  management  functions),  a 
tool  suite  for  installing,  configuring  and 
monitoring  the  VPN,  and  remote  client 
software  for  laptops. 

TECHNICAL  CHALLENGES 

One  hurdle  is  making  sure  the  VPN  secu¬ 
rity  devices  work  with  FileNet’s  routers 
and  firewalls.  Others  include  disabling 
network  nodes  on  the  VPN  if  there  is  a 
security  breach  and  ensuring  the  ISDN 
backup  lines  work  well  with  the  VPN. 

COSTS 

The  initial  investment  in  hardware  and 
first-year  operating  costs  comes  to 
$200,000,  plus  an  $85,000  annual  cost 
for  hardware  maintenance  and  operat¬ 
ing  expenses. 

ADVICE  TO  OTHERS 

Look  at  your  potential  partner,  whether 
it’s  an  integrator  or  an  ISP,  and  make  sure 
it  knows  what  it’s  doing.  That’s  the  key, 
unless  you  want  to  do  a  VPN  all  by 
yourself  —  and  you  don’t. 


HOW  THEY  RATE 


For  the  full  interview 
with  Mike  McCoy  plus 
RealAudio  clips,  visit 

www.computerworld.com/intranets 


Alexander  is  a  freelance  writer  in 
Edina,  Minn. 


COMPUTERWORLD  INTRANETS  is  published  monthly  on  the  fourth  Monday  of  the  month  as  a  supplement  to  Computerworld. 
Editor:  Anne  McCrory;  Art  Director:  Mary  Beth  Welch;  Managing  Editor:  Kimberlee  A.  Smith;  Computerworld  Magazines 
Editor:  Alan  Alper.  Phone:  (800)  343-6474;  E-mail:  anne_mccrory@cw.com;  fax:  (508)  875-8931. 


PHOTOGRAPH  BY  MOJGAN  B  AZIMI 


www.computerworld.com/intranets  APRIL  27,  1998  computerworld  intranets  it 


OPEN 


systems.  Open  standards.  Open  doors  of  interchange  anywhere  in  the  world. 

That  is  the  promise  of  networking. 

And  that  is  the  promise  Novell®  is  delivering. 

Novell's  innovative  enabling  technologies  helped  create  the  networking  revolution  of  yesterday 

and  are  now  helping  catalyze  the  business  revolution  of  tomorrow. 

With  millions  of  users  around  the  world,  Novell  server  operating  systems  truly  power  the  network. 

The  latest  version  of  NetWare®  software,  for  example,  offers  superior  management  and  control  of  increasingly  complex  networks, 
including  the  Internet  and  corporate  intranets,  delivering  exceptional  value  at  a  low  cost  of  ownership. 

NetWare  is  supported  by  Novell  Directory  Services7"1 

the  industry's  leading  cross-platform  directory  service, 
providing  single-source  administration  of  all  parts  of  the  computing  environment, 

including  UNIX®  and  NT  servers,  minis  and  mainframes. 

NDS™  also  closely  integrates  with  Novell  BorderManager™  technology,  Novell's  newest  Internet  product. 


BorderManager  is  the  industry's  first  integrated  family  of  directory-based  network  services 

that  manages,  secures  and  accelerates  user  access  to  information  at  every  network  border— 

the  point  where  any  two  networks  meet. 

NDS  and  BorderManager  are  object-oriented  network  services  that  can  be  integrated  under  Novell's  Open  Systems  Architecture  (OSA). 
This  unique  set  of  Java®  initiatives  allows  developers  to  fully  build  robust 

and  scalable  server-based  solutions  for  the  Internet 
using  open  public  API  specifications  for  Java  applications  for  global  computing. 

And  GroupWise®  5.2  leverages  the  ubiquity  of  the  Internet  to  deliver  expanded  e-mail  capabilities 
such  as  calendaring  and  scheduling,  document  management,  workflow,  imaging,  threaded  discussions  and  status  tracking  — 

for  any  user  with  any  browser  on  any  server. 

Networks  will  continue  to  get  bigger,  faster  and  more  complex.  But  they're  still  just  networks. 

And  no  one  knows  networks  like  Novell. 

We  have  the  tools,  the  technology  and  the  talent  to  make  the  networking  future  a  practical  reality  today. 

Internet,  intranet,  extranet— anynet— the  name  of  the  network  is  Novell. 


1993  Novell,  Inc.  All  rights  reserved.  Novell,  GroupWise  and  NetWare  are  registered  trademarks,  and  Novell  BorderManager  and  Novell  Directory  Services  (NDS)  are  trademarks  of  Novell,  Inc. 

1  i ft  United  States  and  other  countries.  Java  is  a  registered  trademark  of  Sun  Microsystems,  Inc.  in  the  United  States  and  other  countries.  UNIX  is  a  registered  trademark  of  X/Open  Company,  Ltd.  in  the 

d  States  and  othet  countries, 


www.novell.com 


